/* Copyright(C) 2006-2008 Dave Sexton  *
 * http://www.codeplex.com/aip         *
 * http://www.codeplex.com/aip/license *
 ***************************************/
using System;
using System.Collections.Generic;
using System.Text;
using System.Web;
using System.Drawing;
using System.IO;
using System.Drawing.Imaging;
using System.Web.SessionState;

namespace DaveSexton.Web.Controls
{
	/// <summary>
	/// Handles requests for AIP images being persisted on the server.  This class cannot be inherited.
	/// </summary>
	/// <remarks>
	/// <para>
	/// This handler differs from its base type, <see cref="AutoInputProtectionRequestHandler"/>, only in that it forces ASP.NET
	/// to ensure that a session ID is maintained across requests when session state is enabled.
	/// </para>
	/// <para>
	/// The purpose of this handler is for when <see cref="AutoInputProtection.UserMode"/> is set to 
	/// <see cref="AutoInputProtectionUserMode.SessionOrClient"/>, with sessions enabled, but when session state is not being used
	/// by the application.  In this case ASP.NET will generate a new session ID on each request but because AIP will use the 
	/// session ID to generate internal keys for persisting tests on the server, a subsequent request will not be able to identify
	/// the test that was generated by the previous request, so validation cannot occur.  By simply adding this handler to the 
	/// configuration file instead of <see cref="AutoInputProtectionRequestHandler"/>, ASP.NET will ensure that the same session ID 
	/// is used across requests from the same user for as long as the session remains active.
	/// </para>
	/// <note>
	/// Since this issue is basically transparent it wouldn't be obvious to developers why AIP is not working correctly.
	/// For this reason alone <see cref="AutoInputProtectionUserMode.SessionOrClient"/> is not used as the default value for 
	/// the <see cref="AutoInputProtection.UserMode"/> property, even though it may provide a more secure alternative.
	/// </note>
	/// <para>
	/// Refer to the remarks in <see cref="AutoInputProtectionRequestHandler"/> for information on the base implementation.
	/// </para>
	/// </remarks>
	/// <seealso cref="AutoInputProtectionRequestHandler"/>
	public sealed class AutoInputProtectionSessionRequestHandler : AutoInputProtectionRequestHandler, IRequiresSessionState
	{
		#region Constructors
		/// <summary>
		/// Constructs a new instance of the <see cref="AutoInputProtectionSessionRequestHandler" /> class.
		/// </summary>
		public AutoInputProtectionSessionRequestHandler()
		{
		}
		#endregion
	}
}
